Owner

Current status

Detailed Description

A security tool that can be used both for security audits and as part of an intrusion detection system. It consists of a set of tests, a library and a textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.

Benefit to Fedora

Lower the attack surface by finding possible vulnerabilities, and audit the system to find common problems in order to improve the security and performance of the scanning system. Encourage users to use Fedora on servers, and support other distributions based on Fedora, such as Red Hat Enterprise Linux or CentOS.

Scope

Already done:

Split the current program into a backend mechanism and frontend pieces, to separate the user part and the administrator part of the application.

Dbus communication interface for backend

Option for not using dbus

Switch communication between backend and frontend to dbus and unix sockets

PolicyKit integration

Define policies for PolicyKit

Further plans:

Improve GUI

Better user authentication system

How To Test

There is no need for special hardware to test this feature.

Install sectool and sectool-gui:

$ yum install sectool\*

Sanity testing

Test the most basic functions to make sure sectool is able to start, etc.

sectool --help

This should show help for the command-line user interface.

sectool --version

Shows the version of the package. Make sure that the version string is correct.

sectool --list

Check that the level numbers are sane. Test globbing:

sectool --list \*home\*

Show information about some tests:

sectool --info <test>

Running the tests

Test that sectool is able to run tests.

Test running a single test in default level:

sectool --run bootloader

Test running a single test in non-default level:

sectool --level 5 --run bootloader

Bootloader is a good candidate, since it should stay silent in the default level and report ERROR in level 5.
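The checks from the Sanity testing and Running the tests steps above, gathered into one script as an added example (it is not part of sectool or of the original page). It assumes that sectool exits with status 0 on success and that a failing test prints the literal word ERROR; the SECTOOL variable and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: smoke checks for the sectool CLI steps described above.
# SECTOOL may name a stand-in command for a dry run (hypothetical variable,
# not a sectool feature).
SECTOOL="${SECTOOL:-sectool}"

# expect_output LABEL ARGS...: the command must exit 0 and print something.
# Assumption: sectool exits 0 on success for --help, --version and --list.
expect_output() {
    label=$1; shift
    if out=$("$SECTOOL" "$@" 2>&1) && [ -n "$out" ]; then
        echo "PASS $label"
    else
        echo "FAIL $label"; return 1
    fi
}

# reports_error ARGS...: true when the run prints a line containing ERROR.
# Assumption: findings are reported with the literal word ERROR.
reports_error() {
    "$SECTOOL" "$@" 2>&1 | grep -q 'ERROR'
}

# smoke_test: run every check and return the number of failed checks.
smoke_test() {
    fails=0
    expect_output help --help || fails=$((fails + 1))
    expect_output version --version || fails=$((fails + 1))
    expect_output list --list || fails=$((fails + 1))
    expect_output glob --list '*home*' || fails=$((fails + 1))
    # bootloader must stay silent in the default level and ERROR in level 5.
    if reports_error --run bootloader; then
        echo "FAIL bootloader reported ERROR in the default level"
        fails=$((fails + 1))
    fi
    if ! reports_error --level 5 --run bootloader; then
        echo "FAIL bootloader did not report ERROR in level 5"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run the checks only when the command is actually available.
if command -v "$SECTOOL" >/dev/null 2>&1; then
    smoke_test && echo "all checks passed"
else
    echo "$SECTOOL not found, nothing was run"
fi
```

The script's exit status is the number of failed checks, so it can gate a test run directly.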

Diff and sending a mail

That is, SEND_BODY=diff and SEND_ATTACHMENT=full.
Make sure your sendmail is running and properly configured.

sectool --run home_files --mail jhrozek@redhat.com

Sending email - full output in body, diff in attachment.

Set SEND_ATTACHMENT=diff and SEND_BODY=full in /etc/sectool/sectool.conf

Sending email via SMTP server

The default is via sendmail.
Configure your server, username and password in /etc/sectool/sectool.conf and set TARGET=smtp.

Check the --clean action

Run a test and make sure that results.xml exists.

sectool --clean

This should remove it.

Overriding levels

Check that level can be added/removed via config file:

echo "path 1 2" > ~/.sectoolrc
Test a level that is not included in the dsc.

Check that disabling all levels works:

echo "path" > ~/.sectoolrc

Logging

Check that /var/log/sectool.log is created, filled and properly formatted.

Check that logrotate handles sectool.log

DBus testing

Test non-dbus communication by running sectool, e.g.:

sectool -r vsftpd

Test dbus sectool by running with option --use-dbus:

sectool --use-dbus -r vsftpd

Should end with no authorization message

sectool --use-dbus --list

Should show the list of tests

GUI testing

Test PolicyKit authentication by running sectool-gui

Test sectool-gui tool by:

running tests

running level

clear cache data

stop performing tests

The GUI tool should react swiftly, without delay; stopping tests should take effect with a delay of approximately 2s, while all threads are stopped.

User Experience

Users will have the option to audit their system to improve security and performance. Users can choose between command-line testing through dbus (or without dbus) and the GUI testing tool. The whole system will be less vulnerable to attack.

Dependencies

sectool-gui

Contingency Plan

This feature is not critical. Revert to the previous release if the feature cannot be completed by the final feature freeze.

Release Notes

Sectool is a security tool that can be used both for security audits and as part of an intrusion detection system. It consists of a set of tests, a library and a textual/graphical frontend. Tests are sorted into groups and security levels. Administrators can run selected tests, groups or whole security levels.

Sectool is now using PolicyKit and dbus for better security in authentication actions.